Samsung Secure Folder Vulnerabilities: Files Can Be Accessed Externally

Key Takeaways

1. Security Flaw in Secure Folder: A vulnerability allows apps from a different work profile to access files in Samsung’s Secure Folder, compromising user privacy.

2. Bypassing Protections: Normally, Secure Folder requires biometric authentication or a PIN/password, but this flaw allows access without these safeguards when using specific work apps.

3. User Discovery: The issue was highlighted by a Reddit user, who demonstrated that work profile apps can bypass restrictions meant to keep Secure Folder contents safe.

4. Samsung Acknowledgment: Samsung has recognized the problem after it was reported and is expected to take action to fix the vulnerability.

5. Testing the Vulnerability: Users can replicate the issue by using apps like “Island” to create a work profile and access the Secure Folder, revealing potential security risks.


Samsung’s Secure Folder, a feature meant to keep sensitive data safe on Galaxy devices, has been found to have a serious flaw. Recent findings show that apps and photos stored in Secure Folder can be accessed under specific circumstances, which raises concerns about the privacy and security of the information kept there.

Understanding the Flaw

Secure Folder acts as a “Work” profile, letting users keep private apps, photos, and files apart from their main profile. Usually, if an app tries to access files from the Secure Folder, the system blocks it unless the app is specifically allowed to do so.

But a Reddit user, known as lawyerz88, found that this security measure doesn’t work when an app that includes a media picker is installed in a different work profile. In this situation, files in the Secure Folder can be accessed through that app, which makes it easy to bypass the intended privacy safeguards.

User Insights on the Issue

“If you have the work profile enabled through something like Island or Shelter (or even your real workplace), any apps in the work profile can access all files saved in the secure folder without any limits at all,” the Reddit user mentioned. “It looks like it’s only restricted by policy from the personal profile, and someone forgot to block access through another work profile.”

Android Authority confirmed this vulnerability using the Shelter app, which can create a work profile on any device. Essentially, anyone who has physical access to a Galaxy device could take advantage of this flaw to view Secure Folder data. This issue challenges Samsung’s claims of strong security, as sensitive information in the Secure Folder could be exposed without the user knowing.

How to Test the Vulnerability

Normally, accessing the Secure Folder requires biometric authentication or a PIN/password, but the loophole through Work apps makes these protections useless. After reporting the issue, the user noted that Samsung acknowledged it. The company recently addressed a boot loop problem related to the Secure Folder, and given that many are now aware of this flaw, we hope the company acts quickly to resolve it.

If you want to see the flaw for yourself, you can download “Island” or a similar app from the Play Store, set up a work profile, download an app with a media picker, and try to upload a photo. You might find an option to select media from two work profiles, one of which includes your Secure Folder.
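
The condition described above (Secure Folder plus a second work profile on the same device) can be checked for from the defender's side. The following is an added example, not code from the article or from Samsung: it parses the output of "adb shell pm list users" and reports whether a device has both. The sample output is constructed, and the assumption that Secure Folder is listed under the name "Secure Folder" depends on the device locale.

```python
import re
import sys

# FLAG_MANAGED_PROFILE from android.content.pm.UserInfo; set on work profiles.
FLAG_MANAGED_PROFILE = 0x20
# Assumption: Secure Folder is listed under this name (English locale).
SECURE_FOLDER_NAME = "Secure Folder"

# pm prints each user as UserInfo{<id>:<name>:<flags in hex>}
USER_RE = re.compile(r"UserInfo\{(\d+):(.*):([0-9a-fA-F]+)\}")

# Constructed sample of `pm list users` output, not captured from a device.
SAMPLE = (
    "Users:\n"
    "\tUserInfo{0:Owner:c13} running\n"
    "\tUserInfo{10:Island:1030} running\n"
    "\tUserInfo{150:Secure Folder:1030} running\n"
)


def parse_users(text):
    """Return one dict per UserInfo entry found in the pm output."""
    users = []
    for line in text.splitlines():
        m = USER_RE.search(line)
        if not m:
            continue  # header line or unrelated output
        flags = int(m.group(3), 16)
        users.append({
            "id": int(m.group(1)),
            "name": m.group(2),
            "managed": bool(flags & FLAG_MANAGED_PROFILE),
        })
    return users


def audit(text):
    """Flag devices where Secure Folder coexists with another work profile."""
    users = parse_users(text)
    has_secure = any(u["name"] == SECURE_FOLDER_NAME for u in users)
    others = [(u["id"], u["name"]) for u in users
              if u["managed"] and u["name"] != SECURE_FOLDER_NAME]
    return {"secure_folder": has_secure,
            "other_work_profiles": others,
            "exposed": has_secure and bool(others)}


if __name__ == "__main__":
    # Pipe real output in, or run with no input to see the constructed sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(audit(data))
```

To audit a connected device, pipe the output of "adb shell pm list users" into the script.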
